fwiw, I also believe the draft is ready to progress. On Wed, Jan 22, 2025 at 2:17 PM Brian Campbell <bcampbell= 40pingidentity....@dmarc.ietf.org> wrote:
> Watson, > > I think perhaps there's a misalignment of goals here. > > My perspective is that the privacy considerations are good enough (and > have been for several months now) for the draft to proceed and will likely > be improved or changed more anyway during the course of shepherd, AD, > directorate, and IESG reviews yet to come. > > There were some accommodations made to hear your concerns and then > incorporate text based on your most recent suggestion. From my point of > view, this was an olive branch offered to help move the conversation > forward. It was not intended as an invitation or obligation to introduce > further, more significant changes. > > I strongly believe it is time for this draft to progress, a sentiment I > share with the draft co-editors and I think a significant portion of the > working group participants. Once again, I respectfully request that the > chairs initiate the document shepherding process. > > > > > > On Thu, Jan 16, 2025 at 8:25 PM Watson Ladd <watsonbl...@gmail.com> wrote: > >> Brian, >> >> I'm glad we've finally reached rough consensus on adding the paragraph >> I've wanted since SF, and more importantly highlighting the issues >> that the security failures of SD-JWT makes for users. >> >> However, the editorial issues with the verbosity of the privacy >> considerations remains, and has gotten worse. Is there really no way >> to condense it? I hoped that instead of my hamfisted mass deletion in >> the first PR we'd have a more careful rewrite of the preceding text in >> light of the new consensus to express, vs. not touching it. >> >> I think it would read better as follows: >> >> - Move the summary paragraph (with some edits (s/above/below/ etc)) to >> the top of the section >> - Delete the paragraph that goes "Issuer/Verifier unlinkability with a >> careless," as it is subsumed by the summary entirely. We'll put the >> data minimization note in somewhere else >> - "Contrary to that, Issuer/Verifier unlinkability" - add in the data >> minimization note here >> >> Probably this will need some more chopping at. >> >> IMHO it seems that rather than agree on what we want to say, then say >> it, we've agreed to say 3 or 4 different things all at the same time. >> I don't think that's actually recording agreement on the substance of >> what we want to say. >> >> When we talk about batch issuance we say it achieves presentation >> unlinkability. However, that's not how we defined presentation >> unlinkability, which applies to multiple showing of the same, not >> different credentials. I'm not really sure what to do with that: maybe >> "achieves" should become "works around the lack of". Or maybe we need >> a different notion of same, but that's going to force some very >> sweeping changes. >> >> Sincerely, >> Watson >> >> -- >> Astra mortemque praestare gradatim >> > > *CONFIDENTIALITY NOTICE: This email may contain confidential and > privileged material for the sole use of the intended recipient(s). Any > review, use, distribution or disclosure by others is strictly prohibited. > If you have received this communication in error, please notify the sender > immediately by e-mail and delete the message and any file attachments from > your computer. Thank you.*_______________________________________________ > OAuth mailing list -- oauth@ietf.org > To unsubscribe send an email to oauth-le...@ietf.org >
_______________________________________________ OAuth mailing list -- oauth@ietf.org To unsubscribe send an email to oauth-le...@ietf.org
